Re: DELETE FROM pg_class

On 9/24/07, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Simon Riggs <simon(at)2ndquadrant(dot)com> writes:
> > On Mon, 2007-09-24 at 14:44 +0200, Dawid Kuroczko wrote:
> >> Hello, I see that I can modify system tables even though I have
> >> not set allow_system_table_mods... Is this a feature or a bug?
>
> > allow_system_table_mods allows you to modify the structure, not just the
> > data, i.e. add additional columns to system tables.
>
> > Superusers have the capability to modify data in catalog tables and many
> > other things besides, normal users don't.
>
> It is possible to disable this by turning off your
> pg_authid.rolcatupdate flag, but AFAIR there is no handy support for
> that (eg, no separate ALTER ROLE option).
>
> The better advice though is "don't run as superuser except when you
> absolutely must". You don't do random work as root, do you?

Nah, actually a friend (user of the other open source RDBMS) asked
me if you can overload PostgreSQL builtins (like new()). And it was quite
simple. I thought though, that I need allow_system_table_mods for it
and it surprised me that I just needed to become superuser...

Somehow, when I read documentation, my internal parser omitted
the "of the structure" of the "Allows modification of the structure of
system tables." sentence. I feel a bit foolish for asking this question,
but now I am a bit wiser.

Regards,
Dawid